package com.example.ssrbac.security;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * JWT认证入口点
 * 
 * 该组件负责处理未认证的请求
 * 主要功能包括：
 * 1. 处理未认证的请求
 * 2. 返回401未授权响应
 * 3. 记录未认证请求的日志
 * 
 * @author Your Name
 * @version 1.0
 */
@Component
public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
    // 使用SLF4J进行日志记录
    private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationEntryPoint.class);

    /**
     * 处理未认证的请求
     * 
     * @param request HTTP请求
     * @param response HTTP响应
     * @param authException 认证异常
     * @throws IOException 如果发生IO异常
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                        AuthenticationException authException) throws IOException {
        // 记录未认证请求的日志
        logger.error("未认证的请求: {}", request.getRequestURI());
        
        // 返回401未授权响应
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "未认证的请求");
    }
} 